Hello and welcome to the Monday, November 11th, 2024 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich and I'm recording from Jacksonville, Florida.

We talked a couple times last week about compressed files and particular these concatenated SIP files. Over the weekend, we got a

quick diary by DDIH about how to deal with PKSIP files using DidiA's own SIPDM tool.

SipDM is able to extract PK SIP records and in some cases also extract the data for more details. Check out the

diary which has some users examples here and this is certainly something if you are

regularly inspecting malicious files. Well so many file formats are actually compressed files.

This could come really handy.

Well, if you are heavily using Docker, you probably are aware of a number of configuration

issues in such in Docker that could make the environment less isolated.

In order to check for these configuration issues, there is now a new quick tool

created by Adera that does, well, check for many of these different issues. It does, of course,

come as a Docker container and is as the GitHub repo says still work in progress.

They're still adding additional tests.

And then this weekend, actually a couple days earlier, there was a lot of press coverage

about 404 media article that stated that iPhones apparently are rebooting themselves while being

investigated by law enforcement. The problem here is that law enforcement often attempts to

prude force passcodes, but these attempts are then often foiled by the iPhone rebooting.

This actually appears to be a new feature added in iOS 18.

It's called in Activity Reboot.

And if an iPhone has been locked for four days, it will be rebooted.

That is supposed to make it more difficult to access any data on the phone.

...